The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuéllar, Gabriel Erzse, Simone Frau, Marius Minea, Sebastian Alexander Mödersheim, David Von Oheimb, Giancarlo Pellegrino, Serena Elisa Ponta, Marco Rocchetto, Michael Rusinowitch, Mohammad Torabi DashtiMathieu Turuani, Luca Viganò

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.
    Original languageEnglish
    Title of host publicationTools and Algorithms for the Construction and Analysis of Systems : 18th International Conference, TACAS 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, March 24 – April 1, 2012. Proceedings
    PublisherSpringer
    Publication date2012
    Pages267-282
    ISBN (Print)978-3-642-28755-8
    ISBN (Electronic)978-3-642-28756-5
    DOIs
    Publication statusPublished - 2012
    Event18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2012) - Tallinn, Estonia
    Duration: 24 Mar 20121 Apr 2012
    http://www.etaps.org/2012/tacas

    Conference

    Conference18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2012)
    CountryEstonia
    CityTallinn
    Period24/03/201201/04/2012
    Internet address
    SeriesLecture Notes in Computer Science
    Volume7214
    ISSN0302-9743

    Cite this

    Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuéllar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S. A., Von Oheimb, D., Pellegrino, G., Ponta, S. E., Rocchetto, M., Rusinowitch, M., ... Viganò, L. (2012). The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In Tools and Algorithms for the Construction and Analysis of Systems: 18th International Conference, TACAS 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, March 24 – April 1, 2012. Proceedings (pp. 267-282). Springer. Lecture Notes in Computer Science, Vol.. 7214 https://doi.org/10.1007/978-3-642-28756-5_19